Joining me in this interview is Christopher Goes, Co-founder of Namada, and we're going to discuss the challenges of integrating privacy with asset transfers, including both fungible and non-fungible tokens, and the technical solutions employed to maintain privacy across various asset types. We'll also touch on the role of zk-SNARK technology in enabling private transfers and the significance of making zero-knowledge proofs feasible on edge devices for wider adoption. Please introduce yourself, and tell us what you do. My name is Christopher; I primarily work on protocol and organizational design for Anoma & Namada at Heliax (which often, but not always, turn out to be two sides of the same coin). What were the most significant technical challenges in developing Namada, and how were they addressed? I would say that there were two significant technical challenges in developing Namada: Firstly, the design and implementation of the MASP circuit, which is quite internally intricate and must simultaneously satisfy safety requirements and provide a clear, efficient interface for users. Luckily, much of the work here was done in the past by the Electric Coin Company on Sapling, and we’ve been able to extend Sapling with multi-asset support and asset conversions while preserving all existing features (e.g., the key hierarchy). Second, the design and implementation of the shielded set rewards system must simultaneously satisfy safety and efficiency requirements and provide an incentive reward mechanism to recirculate the collective benefits of privacy back to individual contributors. As far as I am aware, this particular design is unique to Namada, and rewarding shielded assets carries unique technical challenges compared to reward systems in non-private DeFi contracts. Could you delve deeper into the concept of interchain asset-agnostic privacy? To Namada, interchain asset-agnostic privacy means providing privacy as a service to all existing and future assets which live on the interchain in a uniform way which is standardized in order to make users’ lives easier and which allows users of different assets to benefit from inclusion in a shared anonymity set. Privacy is a public good — the more users use privacy-preserving systems, the more privacy other users get — and Namada provides the protocol infrastructure to realize this privacy-preserving equilibrium. How can organizations balance the need for Asset-Agnostic Privacy with other objectives like transparency and efficiency? I do not think that these objectives are at odds with one another. Organizations and all users of Namada are free to disclose exactly what information they would like to exactly who they would like. Privacy in blockchain systems is less like drawing your curtains closed and more like choosing which group chat to send your messages to. Thanks to recent advances in applied ZK cryptography, using Namada for payments is as fast and as cheap as using a non-private chain. Could you elaborate on how Namada's proof-of-stake L1 architecture supports interchain asset-agnostic privacy? Namada supports interchain asset-agnostic privacy primarily through the IBC protocol, originally developed by the Cosmos ecosystem. Using IBC, other chains can permissionlessly connect to Namada, and users with assets on those chains can send their assets to Namada, transfer them privately, and send them back whenever they would like. Can you delve into the technical workings of the multi-asset shielded pool (MASP) circuit? How does it manage to provide privacy across different types of assets? The multi-asset shielded pool (MASP) provides privacy across different asset types by including in each note (UTXO) an asset type and the amount, owner, and other metadata. When transaction validity is checked, the MASP performs a multi-asset balance check, ensuring zero net balance independently across all asset types. Thanks to homomorphic value commitments with unique bases for each asset type, this is possible without any loss of privacy. For further information, see the MASP specification. How do asset-agnostic shielded transfers work, especially when dealing with both fungible and non-fungible tokens? Fungible and non-fungible tokens aren’t really that different in essence — modulo token-specific logic, a non-fungible token is merely a fungible token with a total supply of one unit, and this is how Namada represents NFTs. NFT-specific logic (e.g., breeding CryptoKitties) lives on the chain which issued the NFTs — Namada provides only privacy-preserving transfers, and standardizing the token logic in this fashion allows all fungible and non-fungible tokens to share the same anonymity set and provide maximum privacy for everyone involved. How does the interoperability with fast-finality chains via IBC and Ethereum via a trustless two-way bridge work practically? Practically, interoperability works via consensus verification: when the Namada validator set produces a block, a light client header and proof of this block is relayed to the other chain (say, Osmosis), which verifies it. This header can subsequently verify packets sent from Namada to Osmosis, such as a packet unshielding previously-shielded OSMO and sending it back to a user on Osmosis. The reverse direction works similarly, just with the two chains reversed. What role do novel zk-SNARKs play in enabling these private transfers? Namada relies on recent advances in zkSNARK technology — particularly, the Groth16 proof system — to provide efficient, compact proofs for the MASP circuits, which facilitate private transfers. Without zero-knowledge proof systems, this kind of practical privacy-preserving system would not be possible. Can you discuss the process of generating Zero-Knowledge Proofs (ZKPs) on edge devices and its importance for mainstream adoption? Users want payments which are cheap, fast, privacy-preserving, and accessible to them on the devices they already have — in particular, smartphones. If we want to bring privacy-preserving payment systems into the mainstream, we must meet users where they are, which will require proof generation support on phones. Luckily, lots of work in these directions has been done already, and much of the labor can be shared between projects. What are the next major milestones for Namada, and how do they align with the project's long-term strategy? As I write, Namada is conducting the Shielded Expedition, a massively multiplayer role-playing incentivized testnet, in preparation for the upcoming mainnet launch. Namada’s success depends on protocol correctness, usability, and user understanding, and the Shielded Expedition is designed to simultaneously test the former and facilitate the latter. How do you envision the future of privacy in blockchain technology? In my view, privacy — or programmable disclosure — is table-stakes for real-world usage of blockchain systems. The blockchain ecosystem has done a solid job funding applied cryptography efforts in recent years, which have made a lot of progress, but this has not yet quite materialized in cleanly integrated user-facing products. I think that we’re on the cusp of a phase change as the final technical and product pieces are now put together to make these systems ready for the mainstream.
